Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: vendors Clear
ID Title
CVE-2026-8181 Authentication Bypass in wordpress (CVE-2026-8181)
authentication bypass in wordpress (CVE-2026-8181). Successful exploitation can lead to full system takeover. Exploitable via `Authorization header`.
CVE-2026-44194 OS Command Injection in opnsense (CVE-2026-44194)
OS command injection in opnsense (CVE-2026-44194). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `26.1.8` or later.
CVE-2026-45053 Unrestricted File Upload in CVE-2026-45053 (CVE-2026-45053)
vulnerability in CVE-2026-45053 (CVE-2026-45053). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/files`. Mitigation: upgrade to `6.7.0` or later.
CVE-2026-44377 Code Injection in CVE-2026-44377 (CVE-2026-44377)
code injection in CVE-2026-44377 (CVE-2026-44377). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `6.7.0` or later.
CVE-2026-0257 KEV [KEV] Vulnerability in Palo alto networks paloaltonetworks (CVE-2026-0257)
vulnerability in Palo alto networks paloaltonetworks (CVE-2026-0257). Confidential information can be exposed externally. Listed in CISA KEV — actively exploited.
CVE-2026-8495 Vulnerability in drupal/date_ical (CVE-2026-8495)
vulnerability in drupal/date_ical (CVE-2026-8495). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `4.0.15` or later.
CVE-2026-41225 Vulnerability in f5 (CVE-2026-41225)
vulnerability in f5 (CVE-2026-41225). Successful exploitation can lead to full system takeover.
CVE-2026-44547 Authentication Bypass in CVE-2026-44547 (CVE-2026-44547)
authentication bypass in CVE-2026-44547 (CVE-2026-44547). Confidential information can be exposed externally. Mitigation: upgrade to `7.3.1` or later.
CVE-2026-41901 Vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901)
vulnerability in org.thymeleaf:thymeleaf (CVE-2026-41901). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.1.5.RELEASE` or later.
CVE-2026-44262 Code Injection in dedoc/scramble (CVE-2026-44262)
code injection in dedoc/scramble (CVE-2026-44262). Confidential information can be exposed externally. Mitigation: upgrade to `0.13.22` or later.
CVE-2026-45185 Use-After-Free in exim (CVE-2026-45185)
vulnerability in exim (CVE-2026-45185). Successful exploitation can lead to full system takeover.
CVE-2026-34660 Authorization Flaw in adobe (CVE-2026-34660)
vulnerability in adobe (CVE-2026-34660). Confidential information can be exposed externally.
CVE-2026-34659 Unsafe Deserialization in deserialization (CVE-2026-34659)
vulnerability in deserialization (CVE-2026-34659). Successful exploitation can lead to full system takeover.
CVE-2026-44277 Vulnerability in fortinet (CVE-2026-44277)
vulnerability in fortinet (CVE-2026-44277). Successful exploitation can lead to full system takeover.
CVE-2026-42833 Vulnerability in microsoft (CVE-2026-42833)
vulnerability in microsoft (CVE-2026-42833). Successful exploitation can lead to full system takeover.
CVE-2026-42898 Code Injection in microsoft (CVE-2026-42898)
code injection in microsoft (CVE-2026-42898). Successful exploitation can lead to full system takeover.
CVE-2026-42823 Vulnerability in microsoft (CVE-2026-42823)
vulnerability in microsoft (CVE-2026-42823). Successful exploitation can lead to full system takeover.
CVE-2026-41103 Vulnerability in microsoft (CVE-2026-41103)
vulnerability in microsoft (CVE-2026-41103). Confidential information can be exposed externally.
CVE-2026-41089 Vulnerability in microsoft (CVE-2026-41089)
vulnerability in microsoft (CVE-2026-41089). Successful exploitation can lead to full system takeover.
CVE-2026-41096 Vulnerability in microsoft (CVE-2026-41096)
vulnerability in microsoft (CVE-2026-41096). Successful exploitation can lead to full system takeover.
CVE-2026-40402 Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally.
CVE-2026-40379 Information Disclosure in microsoft (CVE-2026-40379)
vulnerability in microsoft (CVE-2026-40379). Confidential information can be exposed externally.
CVE-2026-33117 Authentication Bypass in com.azure:azure-security-keyvault-keys (CVE-2026-33117)
authentication bypass in com.azure:azure-security-keyvault-keys (CVE-2026-33117). Confidential information can be exposed externally. Mitigation: upgrade to `4.10.6` or later.
CVE-2026-26083 Vulnerability in fortinet (CVE-2026-26083)
vulnerability in fortinet (CVE-2026-26083). Successful exploitation can lead to full system takeover.
CVE-2026-29204 Vulnerability in CVE-2026-29204 (CVE-2026-29204)
vulnerability in CVE-2026-29204 (CVE-2026-29204). Confidential information can be exposed externally. Exploitable via ``clientarea.php``.
CVE-2026-42048 Path Traversal in langflow (CVE-2026-42048)
path traversal in langflow (CVE-2026-42048). Data can be tampered with by attackers. Exploitable via `DELETE /api/v1/knowledge_bases`. Mitigation: upgrade to `1.9.0` or later.
CVE-2026-43515 Vulnerability in tomcat (CVE-2026-43515)
vulnerability in tomcat (CVE-2026-43515). Confidential information can be exposed externally. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
CVE-2026-43512 Authentication Bypass in tomcat (CVE-2026-43512)
authentication bypass in tomcat (CVE-2026-43512). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
CVE-2026-41293 Vulnerability in tomcat (CVE-2026-41293)
vulnerability in tomcat (CVE-2026-41293). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `10.1.55, 11.0.22, 9.0.118` or later.
CVE-2026-8401 Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.
Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3.
CVE-2026-8043 Vulnerability in ivanti (CVE-2026-8043)
vulnerability in ivanti (CVE-2026-8043). Confidential information can be exposed externally.
CVE-2026-45091 Information Disclosure in sealed-env (CVE-2026-45091)
vulnerability in sealed-env (CVE-2026-45091). Confidential information can be exposed externally. Mitigation: upgrade to `0.1.0-alpha.4` or later.
CVE-2025-40949 OS Command Injection in siemens (CVE-2025-40949)
OS command injection in siemens (CVE-2025-40949). Successful exploitation can lead to full system takeover.
CVE-2026-22924 Vulnerability in siemens (CVE-2026-22924)
vulnerability in siemens (CVE-2026-22924). Data can be tampered with by attackers.
CVE-2026-42607 Code Injection in getgrav/grav (CVE-2026-42607)
code injection in getgrav/grav (CVE-2026-42607). Successful exploitation can lead to full system takeover. Exploitable via ``directInstall``. Mitigation: upgrade to `2.0.0-beta.2` or later.
CVE-2026-40636 Vulnerability in dell (CVE-2026-40636)
vulnerability in dell (CVE-2026-40636). Successful exploitation can lead to full system takeover.
CVE-2021-47940 Vulnerability in wordpress (CVE-2021-47940)
vulnerability in wordpress (CVE-2021-47940). Successful exploitation can lead to full system takeover.
CVE-2021-47936 Vulnerability in CVE-2021-47936 (CVE-2021-47936)
vulnerability in CVE-2021-47936 (CVE-2021-47936). Successful exploitation can lead to full system takeover.
CVE-2021-47933 Vulnerability in wordpress (CVE-2021-47933)
vulnerability in wordpress (CVE-2021-47933). Successful exploitation can lead to full system takeover.
CVE-2021-47932 Vulnerability in wordpress (CVE-2021-47932)
vulnerability in wordpress (CVE-2021-47932). Successful exploitation can lead to full system takeover.
CVE-2026-6104 Out-of-Bounds Read in libphp (CVE-2026-6104)
vulnerability in libphp (CVE-2026-6104). Confidential information can be exposed externally. Mitigation: upgrade to `8.4.21, 8.5.6` or later.
CVE-2026-7261 Use-After-Free in libphp (CVE-2026-7261)
vulnerability in libphp (CVE-2026-7261). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2026-6722 Use-After-Free in libphp (CVE-2026-6722)
vulnerability in libphp (CVE-2026-6722). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2025-14179 SQL Injection in libphp (CVE-2025-14179)
SQL injection in libphp (CVE-2025-14179). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.2.31, 8.3.31, 8.4.21, 8.5.6` or later.
CVE-2026-42569 Vulnerability in nabeel/phpvms (CVE-2026-42569)
vulnerability in nabeel/phpvms (CVE-2026-42569). Data can be tampered with by attackers. Mitigation: upgrade to `7.0.6` or later.
CVE-2026-20160 Vulnerability in Cisco smart-software-manager-on-prem (CVE-2026-20160)
vulnerability in Cisco smart-software-manager-on-prem (CVE-2026-20160). Successful exploitation can lead to full system takeover.
CVE-2026-20147 Command Injection in Cisco dos (CVE-2026-20147)
command injection in Cisco dos (CVE-2026-20147). Successful exploitation can lead to full system takeover.
CVE-2026-20180 Path Traversal in Cisco dos (CVE-2026-20180)
path traversal in Cisco dos (CVE-2026-20180). Successful exploitation can lead to full system takeover.
CVE-2026-6074 Vulnerability in cisa (CVE-2026-6074)
vulnerability in cisa (CVE-2026-6074). Successful exploitation can lead to full system takeover.
CVE-2026-44313 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-44313)
SSRF in ssrf (CVE-2026-44313). Confidential information can be exposed externally. Exploitable via `GET /api/v1/archives/{linkId}`.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →